Leave the CDs in the Office

There are few things more aggravating than going out to a coworker's office to work on their computer and finding that to fix it you need a CD that is sitting in your office. If you have ever experienced that, or would simply like to no longer need to tote that book of CDs with you every day, then this article is for you.

Even though I work in an environment where the desktop is dominated by Windows, there are several Linux-based tools that are used on a regular basis. These include tools for blanking a Windows password, destroying all the data on a hard drive, repartitioning a hard drive, and testing memory. The nice thing is that all of these tools natively boot via SYSLINUX (aka ISOLINUX), which means they can also be booted via PXE over the network. All that is required is a little time, a place on your network to store the files, and some free software. Interested? Good, let's make it happen.

First, configure a TFTP server on the same server that you want to store files on. Naturally, Linux is preferred here but a Windows server (not desktop) will work fine too via TFTPD32 or the like. Once that is setup we need something to serve out to our clients so lets download the latest version of SYSLINUX from kernel.org and copy the following files from it to our TFTP root:

core\pxelinux.0
Be sure to actually use THIS version of pxelinux.0 as several Linux distros have modified theirs and somewhat broken it (details here).

com32\menu\vesamenu.c32

Now that these files are in place we need to make one more server-side configuration -- we need to set two DHCP options:

** If your network uses MS DHCP then these are set in Options 66 & 67.

The first of these tells clients where to find your TFTP server and the second tells them what file to request. Pxelinux.0 loads into memory then boots. The kicker is that we need to tell it what to do and that requires a plain text file named default (no extension) that is placed inside a folder called pxelinux.cfg, which, in turn, is in your TFTP root. So, thus far our directory structure should look like this:

The file default contains your boot menu entries and can call other files if you are like me and want to separate out static menu configuration information and sub-menus. To get started, open "default" in your favorite text editor and enter the following:

This is all info that never changes and just takes up a lot of room in default so I moved it to a separate file.

Now for the fun stuff...

As you can see from the menu we are setting up Memtest86+ to test a computer's RAM, Offline NT Password & Registry Editor, and Darik's Boot and Nuke for wiping hard drives. The partitioning tool I mentioned earlier is Gnome Partition Editor, a.k.a. GPartEd. Making gparted available via PXE is documented on their site but requires a bit more work than these three tools do. To setup Memtest86+ download the latest pre-compiled binary from their site and copy the contained file to a folder named memtest in your TFTP root. Rename the binary to memtest, otherwise it will fail to boot. Ntpasswd is similarly simple. Just download the bootable CD image from their site, mount the .iso, and copy the following files to ntpasswd in your TFTP root:

vmlinuz

initrd.cgz

scsi.cgz

Booting DBAN requires chainloading its ISO via memdisk, which is provided by the SYSLINUX package in a folder by the same name. Copy it to a folder named memdisk in the TFTP root, create a folder inside of there called iso, and save your dban disk image in there. So, thus far our directory structure should look like this:

That's it -- everything is now setup. Hook a computer or virtual machine (with bridged networking) up to the network and reboot. Generally you press F12 to get a boot menu which will have your network adapter listed as an option (if not, look for a setting to enable it with PXE in the BIOS). Select your NIC and you should rapidly be greeted by a blue menu showing the options we just setup. The numbers in the menu are hot keys because we put the ^ symbol before them in the menu. If you do not pick anything within 30 seconds your computer will boot to its local hard drive automatically.

As a final note, there are many other tools that can be added to this boot menu and menu options can be protected via a plain text or encrypted password to keep users from messing up their computers. For example, I set this menu up where I work and it includes the following options:

1. Local boot
2. Symantec Ghost 2.5.1 (these all use a WinPE environment)

1 obsolete a : to make heavy : burden b : increase
2 : to make worse, more serious, or more severe : intensify unpleasantly
3 a : to rouse to displeasure or anger by usually persistent and often petty goading b : to produce inflammation in

CD's are on death road, walking the seemingly endless road until Music and Software are no longer sold on them, and they begin to disappear.

All you really need is a 4GB LiveUSB to get the job done. Mostly all computer hardware made in the last five years can boot from a USB flash drive, and many GNU/Linux distributions can be installed to USB thumb drives. You can actually place GRUB on the master boot record for the USB drive and have multiple distributions installed to choose from at boot. Debian/Ubuntu, Live gParted, and BackTrack, are all useful.

Bootable USBs are nice and I have used them for many things but they still fall subject to the same main issue as a CD... you have to remember to take the USB stick with you and it can only be used in one place at a time. By putting those same utils on the network you get to free yourself from toting around yet another item, plus you can use it simultaneously on multiple computers.

Gene Liverman is a Systems Administrator of *nix and VMware at a university.

There are versions of Damn Small Linux and Parted Magic that boot entirely over TFTP using a huge initrd image. This works but in the case of my server I have to split Parted Magic's image into smaller chunks else it hits the maximum transfer size and fails to load. There is a script at the Parted Magic site that does this easily.

I would like to get Mandriva, Fedora, and OpenSUSE booting with PXE over NFS or HTTP some day.

Ideally both. With Ubuntu I can boot LiveCD ISOs and install from them. The LiveCD "desktop" installers don't support RAID/LVM2/dm-crypt and have a 512MB+ memory requirement. For installations that don't meet these requirements I boot the "alternate" ISOs which have a text-mode interface. In the past I also had a full Ubuntu repository mirror that could install everything but removed it because the bandwidth requirements were too large.

Of course I don't think I'll put ntpasswd out there on my domain network. I know it only exposes local passwords, not domain, but I still don't want to put the ability to clear the local admin password just an F12 away...

That same concern is why we decided to take advantage of the ability to add an encrypted password to all the menu entries that could mess up a computer. It adds a lot of piece-of-mind value to the setup.

Gene Liverman is a Systems Administrator of *nix and VMware at a university.

I don't come across many articles that jump out at me, but for someone who still carries CDs, now thumb drives, but not zip discs or floppies, this is an elegant way to keep those items updated and available on the company net. Thanks.

Trending Topics

Upcoming Webinar

Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report

August 27, 2015
12:00 PM CDT

DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.